<!doctype html>
<title>
  Sandboxed Cross-Origin-Opener-Policy popup should cut the opener if necessary
  including during redirects.
</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/dispatcher/dispatcher.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/common/utils.js"></script>
<script src="resources/common.js"></script>
<body>
<script>
const executor_path = "/common/dispatcher/executor.html?pipe=";
const coop_same_origin_header =
  '|header(Cross-Origin-Opener-Policy,same-origin)';
const coop_unsafe_none_header =
  '|header(Cross-Origin-Opener-Policy,unsafe-none)';

function getExecutorPath(uuid, origin) {
  return origin.origin + executor_path + `&uuid=${uuid}`;
}

[
  "allow-popups allow-scripts allow-same-origin",
  "allow-popups allow-scripts",
].forEach(sandboxValue => {
  async_test(t => {
    // Set up dispatcher communications.
    const iframe_token = token();
    const popup_token = token();
    const main_frame_token_for_popup = token();
    const main_frame_token_for_iframe = token();

    // Create a sandboxed iframe.
    const iframe = document.createElement("iframe");
    iframe.sandbox = sandboxValue;
    iframe.src = getExecutorPath(iframe_token, SAME_ORIGIN);
    document.body.append(iframe);
    t.add_cleanup(() => iframe.remove());

    // Open a COOP popup from the sandboxed iframe.
    // Instead of navigating directly we go through a redirect.
    const popup_url = getExecutorPath(popup_token, SAME_ORIGIN);
    const redirect_url = SAME_ORIGIN.origin + "/common/redirect.py?pipe=" +
                         coop_same_origin_header + "&location=" +
                         encodeURIComponent(popup_url);
    send(iframe_token, `window.popup = window.open('${redirect_url}')`);

    // This should fail. We ping the popup, if we get an answer it loaded.
    send(popup_token, `
      send('${main_frame_token_for_popup}', 'Popup loaded');
    `);
    receive(main_frame_token_for_popup)
    .then(t.unreached_func("A COOP popup was created from a sandboxed frame"));

    // We delay probing the popup.closed property to give it time to settle.
    t.step_timeout(() => {
      send(iframe_token,
        `send('${main_frame_token_for_iframe}', window.popup.closed);`);
      }, 1500);
    receive(main_frame_token_for_iframe)
    .then(t.step_func_done(data => assert_equals(data, "true")));

  }, `<iframe sandbox="${sandboxValue}"> ${document.title}`);
});
</script>
</body>
